check124 error #93
Labels
Comments
|
Thanks @zorangagic good catch! I have tested in OSX with two policies: And it works with the existing command in OSX. Can you try with Thanks in advance. |
|
Hi @zorangagic, have you tried those commands? Thanks in advance. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When I run ./prowler -c check124 I get following error:
(....some lines deleted....)
1.24 Ensure IAM policies that allow full ":" administrative privileges are not created (Scored)
INFO! Looking for custom policies: (skipping default policies - it may take few seconds...)
usage: aws [options] [ ...] [parameters]
To see help text, you can run:
aws help
aws help
aws help
Unknown options: v3
When I run bash this with bash -x I get:
POLICY_VERSION='v2
v3'
++ /usr/bin/aws iam get-policy-version --output text --policy-arn arn:aws:iam::123456789012:policy/myrole --version-id v2 v3 --query 'PolicyVersion.Document.Statement[?Effect == '''Allow''' && contains(Resource, '''''') && contains (Action, '''''')]' --profile default --region us-east-1
usage: aws [options] [ ...] [parameters]
To see help text, you can run:
aws help
aws help
aws help
Unknown options: v3
Looks like bug with line:
POLICY_VERSION=$($AWSCLI iam list-policies --profile $PROFILE --region $REGION --query 'Policies[*].[Arn,DefaultVersionId]' --output text|grep -w $policy |awk '{ print $2}')
If there are two policies:
arn:aws:iam::123456789012:policy/mypolicy - which is v2
arn:aws:iam::123456789012:policy/mypolicy2 - which is v3
It will produce POLICY_VERSION='v2
v3'
Change line to:
POLICY_VERSION=$($AWSCLI iam list-policies --profile $PROFILE --region $REGION --query 'Policies[*].[Arn,DefaultVersionId]' --output text|grep -P "$policy\t" |awk '{ print $2}')
The text was updated successfully, but these errors were encountered: